MAAS could be more helpful with scripted installation scenarios to cover common network setups
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
MAAS | Won't Fix | Wishlist | Unassigned |
maas (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
By default, there's no way for a node started by maas to talk to the internet. There is also no way on the maas dashboard that I can see that allows me to control this sort of network behaviour either.
For now, we are using a shell script to start NAT rules in iptables so that a node can actually talk to the internet.
Scenario one:
Node commissioned and started, uses d-i to do a basic install. This works fine; however, if you have the preseed do something like add a PPA for some different packages during late_command, you can never complete installation because add-apt-repository can't talk to the outside. And if you add the repo manually, I do not believe you can actually pull the packages from ppa.launchpad.net.
Scenario two:
Node commissioned and started, using fast-path install. After fast-path is done and the node reboots, you ssh into the node and want to add the PPA manually and install packages. This is impossible because again, add-apt-repository fails to get stuff from launchpad.net.
Solution to both, for now, is to set up NAT with the following rules:
echo 1 > /proc/sys/
/sbin/iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE
/sbin/iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: maas 1.5+bzr2227-
ProcVersionSign
Uname: Linux 3.13.0-23-generic x86_64
ApportVersion: 2.14.1-0ubuntu1
Architecture: amd64
Date: Tue Apr 8 15:11:12 2014
InstallationDate: Installed on 2014-01-13 (85 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140113)
PackageArchitec
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: maas
UpgradeStatus: No upgrade log present (probably fresh install)
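A scoped variant of the NAT workaround from the bug description, as an added example that is not part of the original report or of MAAS: it validates the interface names and limits masquerading and forwarding to a single node subnet, adding each rule only if it is absent. The function names, `eth0`/`eth1` and `192.168.100.0/24` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report: the NAT workaround scoped to one
# node subnet. Function names and the values in the usage line are constructed.

valid_iface() {   # plain name, at most 15 characters, never option-like
    case $1 in
        ''|-*|*[!A-Za-z0-9_.-]*|????????????????*) return 1 ;;
    esac
}

valid_cidr() {    # dotted-quad IPv4 network with a /0../32 prefix length
    case $1 in ''|*[!0-9./]*|*/*/*|/*|*/|*./*) return 1 ;; */*) ;; *) return 1 ;; esac
    len=${1#*/}; addr=${1%/*}
    case $len in *[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# nat_rules EXTERNAL INTERNAL NODE_SUBNET: print "<table> <chain> <rule>" lines.
nat_rules() {
    valid_iface "$1" && valid_iface "$2" && [ "$1" != "$2" ] ||
        { echo "bad interface names" >&2; return 2; }
    valid_cidr "$3" || { echo "bad subnet: $3" >&2; return 2; }
    cat <<EOF
nat POSTROUTING -s $3 -o $1 -j MASQUERADE
filter FORWARD -i $1 -o $2 -d $3 -m state --state RELATED,ESTABLISHED -j ACCEPT
filter FORWARD -i $2 -o $1 -s $3 -j ACCEPT
EOF
}

# apply_nat EXTERNAL INTERNAL NODE_SUBNET: needs root; safe to run repeatedly.
apply_nat() {
    rules=$(nat_rules "$@") || return
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return
    printf '%s\n' "$rules" | while read -r table chain spec; do
        # $spec is left unquoted on purpose: it was validated above.
        iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
            iptables -t "$table" -A "$chain" $spec || exit 1
    done
}

# Usage (constructed values): apply_nat eth0 eth1 192.168.100.0/24
```

The source and destination matches only restrict traffic when the FORWARD chain's policy, or a later rule, drops whatever these rules do not accept.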
Changed in maas:
status: Triaged → Won't Fix
Hi Jeff,
My nodes can access the Internet perfectly well, which demonstrates that your problem is entirely dependent on each kind of network setup.
This is partly why there is a proxy setting on the region controller, but this is not used after the node is installed.
So I think MAAS can do better in a couple of ways:
1. Set up the proxy on installed nodes if it's set on the region's settings
2. Allow admins to configure IP forwarding on the region controller
However, #2 is problematic because the region controller is not really a single machine on a scaled-out installation; there could be many appservers and Postgres slaves.
How do you think MAAS could help in that scenario where the region is not a single machine?
Cheers.